
Migrate OAuth1 to OAuth2

Hi,

 

I'm trying to retrieve an OAuth2 token based on an old OAuth1 token and token secret.

As a response I receive the following message:

 

{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid or expired: <tokenoauth1>:<tokensecretoauth1> Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

 

I've just retrieved the token and token secret; the values are not expired.

 

Code Sample:

using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

// Exchange an OAuth1 token and token secret for OAuth2 tokens via the refresh_token grant.
HttpClient httpClient = new HttpClient();
string postUrl = "https://api.fitbit.com/oauth2/token";
string ClientId = "<oauth2clientid>";
string AppSecret = "<appsecret>";
var content = new FormUrlEncodedContent(new[]
{
    new KeyValuePair<string, string>("grant_type", "refresh_token"),
    // The OAuth1 token and token secret, joined by a colon, are sent as the refresh token.
    new KeyValuePair<string, string>("refresh_token", "<token>:<tokensecret>")
});
// HTTP Basic credentials: Base64 of "clientId:appSecret".
string clientIdConcatSecret = Convert.ToBase64String(Encoding.UTF8.GetBytes(ClientId + ":" + AppSecret));
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", clientIdConcatSecret);
HttpResponseMessage response = httpClient.PostAsync(postUrl, content).Result;
string responseString = response.Content.ReadAsStringAsync().Result;

 

 

Best Answer
0 Votes
3 REPLIES 3

Please do not paste large code blocks to the forum. Use a GitHub gist or link to a public repository.

 

We prefer to debug the actual HTTP request you're making to Fitbit, as it is much easier to identify issues. Please capture and share the HTTP request your application is making and the response from Fitbit. One tool to do this is Runscope Traffic Inspector. Be sure to obfuscate your access token when publicly sharing.

Best Answer
0 Votes

POST https://api.fitbit.com/oauth2/token HTTP/1.1
Authorization: Basic <Base64 encoded  clientId:clientsecret>
Content-Type: application/x-www-form-urlencoded
Host: api.fitbit.com
Content-Length: 106

grant_type=refresh_token&refresh_token=<oauth1token>%3A<oaut1tokensecret>

 

and the response

 

HTTP/1.1 400 Bad Request
Server: cloudflare-nginx
Date: Tue, 19 Jan 2016 14:33:12 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache, private
Content-Language: en-EU
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-RAY: 267340d7a15c238a-FRA

116
{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid or expired: <oauth1token>:<oauth1tokensecret>. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
0

 

Best Answer
0 Votes

That looks like a correct request, so I assume that your user access token and user access token secret are invalid.

 

Here's a successful test I just tried (underscores for redacting all but the first and last characters of sensitive values):

 

POST /oauth2/token HTTP/1.1
Authorization: Basic Ml9fX19MOjlfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19k
Content-Type: application/x-www-form-urlencoded
Host: api.fitbit.com
Connection: close
User-Agent: Paw/2.2.9 (Macintosh; OS X/10.11.2) GCDHTTPRequest
Content-Length: 106

grant_type=refresh_token&refresh_token=7______________________________a%3A3______________________________6

HTTP/1.1 200 OK
Server: cloudflare-nginx
Date: Tue, 19 Jan 2016 21:11:34 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-control: no-cache, private
Content-Language: en-US
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-RAY: 26758866ab612870-SJC

{"access_token":"eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NTMyNDE0OTQsInNjb3BlcyI6Indwcm8gd251dCB3c2V0IHdzbGUgd3dlaSB3YWN0IHdzb2MiLCJzdWIiOiIyX19fX0wiLCJhdWQiOiIyX19fX0wiLCJpc3MiOiJGaXRiaXQiLCJ0eXAiOiJhY2Nlc3NfdG9rZW4iLCJpYXQiOjE0NTMyMzc4OTR9.crqqZUpke74stpa-ItkqC8IVt85in3v3k7510jMjVn4","expires_in":3600,"refresh_token":"c______________________________________________________________d","scope":"profile sleep social activity settings weight nutrition","token_type":"Bearer","user_id":"26FWFL"}
Best Answer
0 Votes
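
The redaction convention used in the reply above (first and last character kept, underscores in between, applied to the Basic credentials before Base64 encoding and to each half of the refresh token), as an added Python example that is not part of the original thread or any Fitbit tooling. The function names and the sample capture are constructed for illustration; the example also masks the token where an error body echoes it back, as the 400 response earlier in the thread does.

```python
import base64
import re
from urllib.parse import quote, unquote

def mask(value):
    """Keep first and last character, underscores in between (the thread's convention)."""
    return value[0] + "_" * (len(value) - 2) + value[-1] if len(value) > 2 else "_" * len(value)

def mask_pair(pair):
    """Mask each side of 'a:b' separately so the colon separator survives."""
    return ":".join(mask(part) for part in pair.split(":"))

def redact_http(text):
    """Redact credentials in a captured request/response before sharing it."""
    seen = []  # raw secrets found in the request, to catch echoes in the response
    def basic(m):
        try:
            raw = base64.b64decode(m.group(2), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return m.group(1) + "<redacted>"
        seen.append(raw)
        return m.group(1) + base64.b64encode(mask_pair(raw).encode()).decode()
    def form(m):
        raw = unquote(m.group(2))
        seen.append(raw)
        return m.group(1) + quote(mask_pair(raw), safe="")

    text = re.sub(r"(?im)^(Authorization:\s*Basic\s+)(\S+)", basic, text)
    text = re.sub(r"(?i)\b((?:refresh_token|access_token)=)([^&\s]+)", form, text)
    text = re.sub(r'(?i)("(?:access_token|refresh_token)"\s*:\s*")([^"]*)',
                  lambda m: m.group(1) + mask(m.group(2)), text)
    # An error body can echo the submitted token verbatim, as the 400 in this thread does.
    for raw in seen:
        if len(raw) >= 4:  # too-short values cannot be replaced safely
            text = text.replace(raw, mask_pair(raw))
    return text

# Constructed sample capture; every credential in it is made up.
SAMPLE = (
    "POST /oauth2/token HTTP/1.1\n"
    "Authorization: Basic " + base64.b64encode(b"22ABCD:0123456789abcdef").decode() + "\n\n"
    "grant_type=refresh_token&refresh_token=tokAAAA1%3AsecBBBB2\n\n"
    "HTTP/1.1 400 Bad Request\n\n"
    '{"errors":[{"errorType":"invalid_grant","message":'
    '"Refresh token invalid or expired: tokAAAA1:secBBBB2."}],"success":false}\n'
)

if __name__ == "__main__":
    print(redact_http(SAMPLE))
```

Masking this way preserves the length of each value, which matches the thread's convention and makes it easy to spot truncated or malformed tokens while debugging.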